diff --git a/configs/wlc/wlc-b.cfg b/configs/wlc/wlc-b.cfg index afb99cc..279835c 100644 --- a/configs/wlc/wlc-b.cfg +++ b/configs/wlc/wlc-b.cfg @@ -7,7 +7,7 @@ clock timezone America/New_York -04 0 ! conductorip 10.1.35.33 ipsec ****** interface vlan 35 location "Building1.floor1" -controller config 729 +controller config 741 crypto-local pki ServerCert scsd_full_wc3 StarCert-Ex03_26_fullchain.pfx crypto-local pki ServerCert scsd_full_wc_2026 StarCert-Ex03_26_fullchain.pfx crypto-local pki ServerCert scsd_wc3_2026 StarCert-Expire03202026.pfx @@ -292,6 +292,8 @@ ip access-list session SCSD_Deny-Internal ! ip access-list session apprf-logon-sacl ! +ip access-list session apprf-scsd_guest-sacl +! ip access-list session staff_scsd any network 192.168.0.0 255.255.0.0 any deny any network 10.0.0.0 255.0.0.0 tcp 22 23 deny @@ -432,6 +434,13 @@ ip access-list session logon-control-bridge ip access-list session dhcp-acl any any svc-dhcp permit ! +ip access-list session SCSD_Guest + any any svc-dhcp permit + any any svc-dns permit + any network 192.168.0.0 255.255.0.0 any deny + any network 10.0.0.0 255.0.0.0 any deny + any any any permit +! ip access-list session facetime-acl any any svc-facetime-tcp permit queue high any any udp 3478 3497 permit @@ -696,6 +705,11 @@ user-role SCSD-IoT access-list session SCSD_Deny-Internal access-list session allowall ! +user-role SCSD_Guest + access-list session global-sacl + access-list session apprf-scsd_guest-sacl + access-list session SCSD_Guest +! user-role authenticated access-list session global-sacl access-list session apprf-authenticated-sacl @@ -755,6 +769,8 @@ vlan 10 ! vlan 30 ! +vlan 32 +! vlan 35 ! vlan 100 @@ -960,6 +976,8 @@ vlan-name Intune vlan Intune 164 vlan-name IoT vlan IoT 30 +vlan-name SCSD_Guest +vlan SCSD_Guest 32 vlan-name Secure-02-ITC vlan Secure-02-ITC 302 vlan-name Secure-03-Fowler 
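Review bot: In the new `ip access-list session SCSD_Guest` (hunk at -432), the internal-deny rules cover 192.168.0.0/16 and 10.0.0.0/8 but not 172.16.0.0/12, so the closing `any any any permit` lets guests reach anything routed in that private range. If any of that space is in use or reachable from VLAN 32, add `any network 172.16.0.0 255.240.0.0 any deny` ahead of the permit. The `any any svc-dns permit` rule is evaluated before the denies, so guests can also query resolvers inside the denied ranges. If only specific resolvers are intended, narrowing that rule's destination to those hosts would limit exposure of internal name data.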
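Review bot: The new `user-role SCSD_Guest` (hunk at -696) gets its internal-deny rules from its own `access-list session SCSD_Guest`, while the neighbouring `SCSD-IoT` role in the same hunk uses the shared `SCSD_Deny-Internal` list. Two separately maintained deny lists tend to drift apart, and the contents of `SCSD_Deny-Internal` are not visible on this page, so it is worth confirming both block the same ranges. If they are meant to be equivalent, the guest role could apply the existing `dhcp-acl` plus a DNS permit and then `access-list session SCSD_Deny-Internal`, keeping a single definition of what counts as internal.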
@@ -1945,6 +1963,8 @@ aaa authentication dot1x "IoT_dot1_aut" ! aaa authentication dot1x "LemoyneTest_dot1_aut" ! +aaa authentication dot1x "SCSC_Guest_dot1_aut" +! aaa authentication dot1x "SCSD_IoT_dot1_aut" ! aaa authentication dot1x "SCSD_Secure_dot1_aut" @@ -2043,6 +2063,10 @@ aaa profile "LemoyneTest_aaa_prof" ! aaa profile "NoAuthAAAProfile" ! +aaa profile "SCSC_Guest_aaa_prof" + initial-role "SCSD_Guest" + authentication-dot1x "SCSC_Guest_dot1_aut" +! aaa profile "SCSD_IoT_aaa_prof" initial-role "SCSD-IoT" authentication-dot1x "SCSD_IoT_dot1_aut" @@ -2625,6 +2649,11 @@ wlan ssid-profile "IoT_ssid_prof" opmode mpsk-aes hide-ssid ! +wlan ssid-profile "SCSC_Guest_ssid_prof" + essid "SCSD_Guest" + wpa-passphrase *redacted* + opmode wpa2-psk-aes +! wlan ssid-profile "SCSD_IoT_ssid_prof" essid "SCSD_IoT" wpa-passphrase *redacted* @@ -3442,6 +3471,11 @@ wlan virtual-ap "IoT" vlan 30 ssid-profile "IoT_ssid_prof" ! +wlan virtual-ap "SCSC_Guest" + aaa-profile "SCSC_Guest_aaa_prof" + vlan 32 + ssid-profile "SCSC_Guest_ssid_prof" +! wlan virtual-ap "SCSD_IoT" aaa-profile "SCSD_IoT_aaa_prof" vlan 30 @@ -3587,6 +3621,7 @@ ap-group "APG06Henninger" virtual-ap "APG06-SCSD_Secure" virtual-ap "APG06-SCSD_Vendor" virtual-ap "IoT" + virtual-ap "SCSC_Guest" ! ap-group "APG06Henninger-Outdoors" dot11a-radio-profile "rp-377-a" @@ -3635,6 +3670,7 @@ ap-group "APG14Shea" virtual-ap "APG14-SCSD_Vendor" virtual-ap "SCSD_IoT" virtual-ap "IoT" + virtual-ap "SCSC_Guest" ! ap-group "APG15HWSmith" virtual-ap "Intune"
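Review bot: The profile added at -1945 is named `SCSC_Guest_dot1_aut`, while the role, VLAN name, ESSID and ACL in this commit are all `SCSD_Guest`. The same `SCSC_` prefix recurs in the aaa profile (-2043), ssid-profile (-2625), virtual-ap (-3442) and both ap-group hunks (-3587, -3635). The references are internally consistent, so the config works as written. The mismatch still makes audits and searches for "SCSD_Guest" miss half the guest objects, and invites a wrong reference in a later edit. Renaming to `aaa authentication dot1x "SCSD_Guest_dot1_aut"` and likewise for the other profiles, with every reference updated in one change, would match the `SCSD_IoT_*` naming beside them.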
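Review bot: The guest SSID profile added at -2625 uses `opmode wpa2-psk-aes` with a single shared `wpa-passphrase`, which for a guest network is known to many people. Under WPA2-PSK, anyone holding the passphrase who observes another client's handshake can derive that client's session keys, so the passphrase gives little confidentiality between guests. If the client base allows it, `opmode wpa3-sae-aes` avoids that property; otherwise a rotation schedule for the passphrase should be documented. The passphrase appears redacted on this page, but it is not visible here whether redaction happens before the config is committed, so that is worth confirming for this repository.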
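Review bot: The `wlan virtual-ap "SCSC_Guest"` block added at -3442 sets only the aaa-profile, VLAN and ssid-profile, so nothing visible here isolates guest clients from each other. Isolation then depends on the VLAN 32 subnet falling inside the ranges the `SCSD_Guest` ACL denies, which this page does not show. Adding `deny-inter-user-traffic` to this virtual-ap would make client-to-client blocking explicit and independent of the addressing plan. It would also be worth confirming that VLAN 32 has no controller interface reachable by guests for management.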